# Maintainer: Pierre Schmitz <pierre@archlinux.de>

# ALARM: Kevin Mihelich <kevin@archlinuxarm.org>
#  - set ARM architecture targets
# Oleg Rakhmanov <oleg@archlinuxarm.org>
#  - cryptodev enabled version

pkgname=openssl-cryptodev
_pkgname=openssl
_ver=1.1.1q
# use a pacman compatible version scheme
pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
pkgrel=1
pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security with cryptodev support'
arch=('armv7h' 'aarch64')
url='https://www.openssl.org'
license=('custom:BSD')
depends=('glibc')
makedepends=('perl')
optdepends=('ca-certificates' 'perl' 'cryptodev-dkms')
backup=('etc/ssl/openssl.cnf')
conflicts=('openssl')
provides=("openssl=${pkgver}")
install=${pkgname}.install
_cryptodevver=1.12

source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz"
        'ca-dir.patch'
        "https://github.com/cryptodev-linux/cryptodev-linux/archive/cryptodev-linux-${_cryptodevver}.tar.gz")
sha256sums=('d7939ce614029cdff0b6c20f0e2e5703158a489a72b2507b8bd51bf8c8fd10ca'
            '75aa8c2c638c8a3ebfd9fa146fc61c7ff878fc997dc6aa10d39e4b2415d669b2'
            'f51c2254749233b1b1d7ec9445158bd709f124f88e1c650fe2faac83c3a81938')

prepare() {
	cd "$srcdir/$_pkgname-$_ver"

	# set ca dir to /etc/ssl by default
	patch -p0 -i "$srcdir/ca-dir.patch"

	# Copy the header file
	cp -u ${srcdir}/cryptodev-linux-cryptodev-linux-${_cryptodevver}/crypto/cryptodev.h ${srcdir}/openssl-${_ver}/crypto/

	# Modify config file to use cryptodev
	sed -i "s/HOME\t\t\t= ./HOME\t\t\t= .\n\n# To enable cryptodev, uncomment the line below\n#openssl_conf\t\t= openssl_def/g" \
		${srcdir}/openssl-${_ver}/apps/openssl.cnf
        cat << 'EOF' >> ${srcdir}/openssl-${_ver}/apps/openssl.cnf

[openssl_def]
engines=engine_section

[engine_section]
devcrypto=devcrypto_section

[devcrypto_section]
CIPHERS=ALL
DIGESTS=NONE
EOF
}

build() {
	cd "$srcdir/$_pkgname-$_ver"

	if [ "${CARCH}" == 'x86_64' ]; then
		openssltarget='linux-x86_64'
		optflags='enable-ec_nistp_64_gcc_128'
	elif [ "${CARCH}" == 'i686' ]; then
		openssltarget='linux-elf'
		optflags=''
	elif [ "${CARCH}" == 'arm' -o "${CARCH}" == 'armv6h' -o "${CARCH}" == 'armv7h' ]; then
		openssltarget='linux-armv4'
		optflags=''
	elif [ "${CARCH}" == 'aarch64' ]; then
		openssltarget='linux-aarch64'
		optflags='no-afalgeng'
	fi

	# mark stack as non-executable: http://bugs.archlinux.org/task/12434
	./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
		enable-devcryptoeng -DHASH_MAX_LEN=64 \
		shared no-ssl3-method ${optflags} \
		"${openssltarget}" \
		"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"

	make depend
	make
}

check() {
	cd "$srcdir/$_pkgname-$_ver"
	# the test fails due to missing write permissions in /etc/ssl
	# revert this patch for make test
	patch -p0 -R -i "$srcdir/ca-dir.patch"
	
	make test
	
	patch -p0 -i "$srcdir/ca-dir.patch"
	# re-run make to re-generate CA.pl from th patched .in file.
	make apps/CA.pl
}

package() {
	cd "$srcdir/$_pkgname-$_ver"

	make DESTDIR="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs

	install -D -m644 LICENSE "$pkgdir/usr/share/licenses/$_pkgname/LICENSE"
}
